CVE-2009-5145

{"id": "CVE-2009-5145", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-08-07T17:29:00.173", "references": [{"url": "http://cve.killedkenny.io/cve/CVE-2009-5145", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/03/02/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/72792/info", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/zope2/+bug/490514", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."}, {"lang": "es", "value": "Existe una vulnerabilidad de tipo cross-Site Scripting (XSS) en p\u00e1ginas ZMI que emplean manage_tabs_message en Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."}], "lastModified": "2017-08-15T16:29:29.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zope:zope:2.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B149F59C-5FD4-4C77-A13B-EABFB3751CCE"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "364BF6B5-3C83-41D3-A934-40BD0C4D05ED"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44409DF-0B7A-42C5-B499-64AA62AE7F29"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02F52B0A-A6F9-4357-9E54-69794FE6568E"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B80D8374-50AD-4710-9B6E-C31B67B98C97"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B85BDEE-B9B3-45E5-B1FC-F639B2351E1A"}, {"criteria": "cpe:2.3:a:zope:zope:2.10.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB5C2E63-04C5-4F91-8649-0C7F0E9B4D63"}, {"criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7"}, {"criteria": "cpe:2.3:a:zope:zope:2.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B740CAB6-4459-4934-9731-954BF6DAC019"}, {"criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}